 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
that is interesting, even looking at the source all the graphics are hosted by ebay and the form goes back to ebay too but with another redirect tag. Ebay would have to be quite stupid to send information about some ones user details back in this fashion. If this is just a regular ebay page then it might be that the phishers sent the wrong link. Let us know what the outcome is; if it turns out that ebay has some kind of internal form redirect scheme for covering up other urls in the way then I don't think I could ever use them safely in the future. Regards, Martin On 04/02/07, Grant M. <gmongardi at napc.com> wrote: > Just thought this was an interesting phishing attempt that I hadn't > seen before. The email I had received appeared to be a response to some > item that I had listed on ebay, although I have never listed anything on > ebay. I clicked the link to the listing, and got to the actual login > page for ebay (not some phishing site, but ebay's actual sign-in page). > I verified the URL, and firefox showed it as green, and so I clicked the > Sign-In button, and it returned an invalid login page. Hmmm. > I clicked the back button, and verified that it truly was ebay, and > it definitely was. I then realized, that the URL that I had used had > embedded a redirect to another site. Here is the URL in the email: > https://signin.ebay.com/ws/eBayISAPI.dll?SignInMCAlert&ru=http://ns.reg.com.co/signin.ebay.com/ws/signin.ebay.comwseBayISAPI.dllSignIn.html > and here is where it redirects to once you've logged-in: > http://ns.reg.com.co/signin.ebay.com/ws/signin.ebay.comwseBayISAPI.dllSignIn.html > and ebay's sign-in page actually redirected me to it. Obviously, the > page was no longer ebay's, but I could see someone (myself included) > falling into this trap. In fact, if firefox hadn't auto-filled the > fields for this site, I might have assumed I had actually typed them in > wrong. > I was somewhat surprised that ebay would do this sort of thing, and > went to ebay to report this. After doing a search for phishing and then > also clicking through about 10 links to finally find where to report > this, it described how to tell whether an email points to a phishing > site or not, and describes verifying the URL - exactly where this would > have fallen down. Here's the page: > http://pages.ebay.com/help/confidence/isgw-account-theft-spoof.html > > Just thought it might start an interesting tech discussion, > Grant M. > -- > Grant Mongardi > Systems Engineer > NAPC > > gmongardi at napc.com > http://www.napc.com/ > 781.894.3114 phone > 781.894.3997 fax > > NAPC | technology matters > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
